Primary

Context

Netis E1+ Information Disclosure Vulnerability Allowing WiFi Password Retrieval

Vulnerability

An information disclosure vulnerability has been identified in the Netis E1+ router, specifically in version 1.2.32533. This vulnerability allows unauthenticated attackers to access WiFi passwords through the netcore_get.cgi endpoint. By sending a GET request to this endpoint, attackers can retrieve sensitive network information, including SSID and WiFi passwords, in plain text.

Impact

Exploitation of this vulnerability leads to unauthorized access to WiFi passwords and SSIDs, allowing attackers to connect to the affected wireless networks.

Reproduction

To reproduce this vulnerability, send a GET request to the netcore_get.cgi endpoint on a Netis E1+ router running version 1.2.32533. The response will include unencrypted WiFi passwords and SSIDs.

Added: Feb 3, 2026, 10:35 PM

Updated: Feb 3, 2026, 10:35 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Netis E1+ Information Disclosure Vulnerability Allowing WiFi Password Retrieval

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating